quartz/content/10-19 LIFE/13 TECH SETUP/13.13 OS SETUP/Keychain.md

---
publish: true
permalink: /os/keychain
title: Keychain
created: 2026-01-29T21:15:48.335-07:00
modified: 2026-02-05T12:18:02.157-07:00
tags:
  - security
  - secrets
  - gnome-keyring
cssclasses: ""
---

GNOME Keyring for managing secrets, SSH keys, and application passwords.

## Installation

```bash
sudo pacman -S gnome-keyring libsecret seahorse
```

- `gnome-keyring` — The keyring daemon
- `libsecret` — Library for apps to access secrets
- `seahorse` — GUI for managing keyring

## PAM Integration

Automatically unlock keyring on login.

Edit `/etc/pam.d/login`:
```
auth       optional     pam_gnome_keyring.so
session    optional     pam_gnome_keyring.so auto_start
```

For GDM/SDDM, also edit `/etc/pam.d/passwd`:
```
password   optional     pam_gnome_keyring.so
```

## Hyprland Integration

Add to `~/.config/hypr/hyprland.conf`:
```bash
exec-once = gnome-keyring-daemon --start --components=secrets,ssh
```

Set environment variables in hyprland.conf:
```bash
env = SSH_AUTH_SOCK,$XDG_RUNTIME_DIR/gcr/ssh
```

Or in your shell profile:
```bash
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gcr/ssh"
```

## SSH Key Management

### Add key to agent

```bash
ssh-add ~/.ssh/id_ed25519
```

### List keys

```bash
ssh-add -l
```

### GUI management

Launch Seahorse:
```bash
seahorse
```

## Unlocking

If keyring doesn't auto-unlock:

```bash
# Manually unlock
gnome-keyring-daemon --unlock

# Or via secret-tool
secret-tool search --unlock xdg:schema org.gnome.keyring.Note
```

## Application Support

Apps using libsecret (most modern apps) will automatically use gnome-keyring. For apps that need explicit setup:

### Git credential storage

```bash
git config --global credential.helper /usr/lib/git-core/git-credential-libsecret
```

### VS Code

VS Code uses gnome-keyring automatically for settings sync.

## Resources

- Arch Wiki: https://wiki.archlinux.org/title/GNOME/Keyring